Inline...
On Thu, Nov 7, 2013 at 9:41 AM, Pete Resnick <presnick@xxxxxxxxxxxxxxxx> wrote:
On 11/7/13 1:36 AM, Richard Barnes wrote:What process do you think is being over-contemplated here? The bit about the IAB judging consensus? Fine, ignore that bit. That's not the most important bit.Like Randy, I sense a fair degree of process omphaloskepsis here.
The sense of the room was taken, and expressed agreement with a small set of sentences. I don't see much utility in parsing the event beyond that simple statement of what happened.
(Dismissing or belittling arguments by characterizing -- or caricaturing -- them, be it calling them "naive" or "overwrought" or "omphaloskepsis", is often effective, but inappropriate.)
I apologize for using dismissive language. But actually, my main concern here is that we're getting distracted by minutiae from things that have bigger-picture significance.
Consensus on *what* exactly in this case? Consensus that we should all be happy? Consensus that we should all have a pony?
A wise person once told me that any consensus is judged at a point in space and time, and this one sure was.
It is true that consensus (rough or otherwise) is a state, and that state can always change. But consensus should be on a particular point and it must be relatively stable; it shouldn't be claimed on some broad platitude for which nobody knows the details, and it shouldn't change unless new information is brought into the mix.
Consensus on the three questions that were asked (copying from Scott's message):
1. Is the IETF willing to respond to pervasive surveillance as an attack?
2. IETF should include encryption even outside of authentication where practical?
3. The IETF should strive for e2e encryption even when there are middleboxes in the path?
1. Is the IETF willing to respond to pervasive surveillance as an attack?
2. IETF should include encryption even outside of authentication where practical?
3. The IETF should strive for e2e encryption even when there are middleboxes in the path?
There are ambiguities there. There are ambiguities in any sentence written in human language. We should have the discussion to sort out the ambiguities and turn these principles into actions. But the need for that discussion doesn't undermine the utility of establishing that we have some base level of agreement.
What you're saying is that it is impossible for the consensus of the IETF to be estimated in plenary session and that it requires some specially anointed person (not of the IAB) to judge that consensus.
No, I am absolutely not saying that. I disagree completely with all of the above statement.
After a discussion of issues, it is perfectly reasonable for someone (anyone) to *estimate* what the consensus of the IETF might be in plenary and state that. Sometimes that might even be a good thing.
A hum (or a show of hands, or an applause meter) can give you lots of information about the sentiment of the room and it might even give you an estimate of what the consensus of the room is. All fine.
But taking a hum, at the end, without discussion afterward, is not a reasonable way to *call* consensus. And that's exactly what some people heard was going on. And it's hard to interpret what Russ said otherwise.
I don't think it's reasonable to call a hum at the end unreasonable :) Just because we're not in the room doesn't mean we can't continue discussing. A hum is just a point measurement, whether it comes at the beginning or the end. In this case, it was a measurement at the beginning of the discussion, which seems useful to me for establishing some points on which there is substantial agreement and some points where we need to have some discussion. In that sense, it has clearly worked, as Scott's thread demonstrates.
Discussion of the content of the hums -- what do these principles we've agreed on really mean? -- is a worthwhile activity. Trying to declare the measurement invalid because of how it was done is not.
Discussion of the content of the hums -- what do these principles we've agreed on really mean? -- is a worthwhile activity. Trying to declare the measurement invalid because of how it was done is not.
(As for the "anointed" person: *Calling* consensus -- that is, making an IETF decision -- does take someone who the IETF has agreed is responsible to do that. Estimating consensus or guessing consensus or otherwise sticking one's finger into the wind and predicting consensus are all fine -- unless you're doing so to try to shove people into a particular position -- but making a final call *is* something that we leave for someone in particular. You'll not that when Ted asked for the hum, he asked Jari to do it. And again, none of this is the important point of my message.)
I never got the impression that this was what was being done.
Neither argument seems to me like it would really sway the outcome of this decision...
Sorry: What decision exactly?
Poor choice of words. The outcome of the hum.
Don't get hung up on the details. This isn't about the details.These consensus calls seem to have captured the high-level consensus of the IETF, as gathered in plenary at this meeting. Yes, there was argument about more specific details at the PERPASS meeting, but I don't think that invalidates the more general agreement.
Have a hum and applause to make you feel good. Just don't confuse people to think that it means the IETF has come to consensus.
Ask big fluffy political questions that state big fluffy political principles. Just don't confuse people to think that it means the IETF has come to consensus.
I know people hate the idea that the IETF can't make grand political statements and that we're stuck doing technical work. Making grand political statements is fun and gets good press. Tough. Leave grand political statements to the IAB and ISOC. Let the IETF do its technical work and stop engaging in theatrics. Far less flashy, but significantly more useful.
The adjectives "fluffy", "political", and "theatrical" just don't apply to the questions that were asked. They're "big", but they're about technical priorities for design -- what scenarios do we want to address with security the technologies we're developing?
These are useful and actually surprisingly concrete questions for setting the overall direction of technical development in the IETF. They were already cited in the STIR meeting only a few hours after they were called. Let's appreciate the value of having agreement on a particular set of words, even if those words might not have an engineer's preferred level of precision and clarity.
--Richard
pr
On Wed, Nov 6, 2013 at 11:21 PM, Pete Resnick <presnick@xxxxxxxxxxxxxxxx> wrote:
Some folks approached me after the plenary and asked me why I objected so loudly to these "taking of hums". Tim's response pretty well explains it:
On 11/6/13 6:58 PM, Randy Bush wrote:Yes, the feeling of those present was pretty clear. And if Russ had only asked for the feeling of those present, I probably wouldn't have been torqued. I would have, like Dave described it, thought it a bit of political theater, but otherwise said "Whatever".
On 11/6/13 6:50 PM, Tim Bray wrote:
You’re entitled to your opinion, but I entirely disagree. I thought each of those made an important point and highlighted some areas where consensus is broadly held. I appreciated Russ’ composition of the issues and think he deserves our thanks.
the feeling of those present was pretty clear.
But Russ didn't ask for a "feeling". Russ said that he was asking about consensus, and Tim heard that the result of those hums *were* the IETF coming to consensus. And that's just bogus. There was no consensus, and some of this I think is really damaging to the IETF.
Look at a couple of these:
On 11/6/13 12:41 PM, Russ Housley wrote:
1. The IETF is willing to respond to the pervasive surveillance attack?
Overwhelming YES. Silence for NO.
This was "The IETF wants to save the lives of bunnies." Press release nonsense. And surely so much mush as not to be consensus. Just let's everybody applaud. OK, who cares, but not useful.
3. The IETF should include encryption, even outside authentication, where practical.
Strong YES. Silence for NO.
So if you sat in perpass, you'll know that the result of this hum was rubbish. There were a bunch of people up at the mic in perpass who objected strenuously to this. There was no IETF consensus on this point. But if you took the result of the bogus hum as consensus, you'd sure think so. And that happened because Russ loaded the deck in the way he asked the question to make sure that nobody would hum against it. He asked it at the end when it was clear there would be no discussion of dissent, so that people who might have objected felt comfortable that at least they'd have a chance to explain themselves instead of looking like idiots humming against motherhood and apple pie. Pure nonsense.
This wasn't about getting consensus. This was about everybody feeling good about themselves and being able to applaud. And if anyone tries to enforce any of these things as consensus of the IETF (e.g., "Sorry; we had a hum and there was consensus that we're doing encryption without authentication whether you'd like to or not, so you're in the rough"), that should be appealed immediately.
This is vote stuffing in the extreme. It's ignoring (heck, it's actively suppressing) minority voices. It makes a joke of coming to consensus at all.
And all that said, since when does the IAB judge the consensus of the IETF? Not since 1992, as far as I remember.
I don't disagree with any of the statements per se. As Scott Brim pointed out, the statements were incredibly general and left all sorts of stuff undefined, so it's hard to know exactly what I'm signing up to by agreeing with them. But again, it's motherhood and apple pie for most of them. (The second might have been interesting if it weren't buried in the middle of the rest.) And it made for fine press. But IETF consensus? Bullpucky.
pr
--
Pete Resnick<http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478
-- Pete Resnick <http://www.qualcomm.com/~presnick/> Qualcomm Technologies, Inc. - +1 (858)651-4478